

Identity and Access Management - Microsoft Cloud identity for Architects

We have a very interesting topic on Designing Identity for Microsoft cloud.

When I read through, these are some of the points which came across as design considerations.

 

Directory Integration options for the enterprise

  • Integrate with Microsoft Azure Active Directory
  • Extend your on-premises Windows Active Directory to Microsoft Azure

Integrate your on-premises Windows Active Directory accounts with Microsoft Azure Active Directory

  • Directory and Password Synchronization

    • Users enter the same password for cloud services as they do on-premises
    • Supports multi-forest synchronization
    • Azure AD performs all authentication for cloud-based services and applications
  • Use Federation

    • If Single Sign-on is required
    • ADFS is already deployed
    • Federated authentication requires a greater investment in infrastructure on-premises.

Extend Windows Active Directory to Azure

Deploy one or more domain controllers, designated as global catalog servers, to Azure.

Connectivity options

  • Virtual private network (VPN) – Site to Site and Point to Site
  • ExpressRoute

Integrating applications with cloud identities

Integrate applications so that the authentication process and the credentials required are consistent.

Putting directory components in Azure

Consider the benefits of deploying directory components to Azure, specifically if you extend AD DS to Azure to support LOB applications.

Tools that are used for synchronization

  • Azure Active Directory Sync Tool
  • ADFS+AD Sync tool

Final go,

Standalone Azure AD environment

You do not always need to integrate a cloud application with your on-premises environment. A standalone Azure AD domain supports applications that are public-facing. This solution works with:

  • Internet facing websites and applications
  • Applications that require Active Directory.

A schematic representation can be found at this link: https://technet.microsoft.com/en-us/library/dn919927(v=office.15).aspx

Comments

  • Anonymous
    July 02, 2015
    Interesting and thanks for the article.

  • Anonymous
    July 03, 2015
    Thanks, good summary. Would be nice to know more on how Azure AD can help in scenarios of single sign on for my cloud or on Prem apps when using non Microsoft on-Prem or cloud identity providers.